This is exactly the kind of review I'm hoping for.

> On Jan 24, 2018, at 6:12 PM, Sam Ruby <[email protected]> wrote:
>
>
> Caller passes @token. Method receives this as token. Then @token is
> checked, and if set, token is used to construct a filename. Works,
> but seems odd.

This is the result of having this function originally as a niladic function, taking the global @token implicitly. I had some trouble with sharing globals among the routes so I changed it to take a parameter.

>
> Also, there is no need to store filename as an instance variable. Remove the
> @?
>
> Finally, something serious: check to make sure that token contains
> only hex characters? In particular, disallow starting with a dot or
> any use of forward or backward slashes.

Probably need a regular expression here. [0-9a-f]* or somewhat. Then I need an errorMessage and errorCode that makes sense.

"../../etc/hosts is not a valid file name"
998 possible file name injection attack detected and thwarted

Craig

>
> - Sam Ruby

Craig L Russell
Secretary, Apache Software Foundation
[email protected] http://db.apache.org/jdo
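
The token check discussed in this thread, as an added example that is not part of either message or of the project's code. The names `TOKEN_PATTERN`, `InvalidToken` and `token_filename`, the `.json` suffix and the `/srv/tokens` directory are hypothetical; the code 998 and the message wording are the ones proposed above. It uses `+` with `\A`/`\z` anchors, so an empty token and a multi-line token are rejected as well.

```ruby
# Hypothetical names throughout; 998 and the message text come from the thread.
TOKEN_PATTERN = /\A[0-9a-f]+\z/

class InvalidToken < StandardError
  attr_reader :code

  def initialize(token)
    @code = 998
    # inspect escapes newlines and control characters before the value is logged
    super("#{token.inspect} is not a valid file name")
  end
end

# Return the file path for a token under base_dir, or raise InvalidToken.
def token_filename(token, base_dir)
  # \A and \z anchor the whole string. In Ruby, ^ and $ match at every
  # line, so "abc\n../../etc/hosts" would pass /^[0-9a-f]+$/.
  unless token.is_a?(String) && token.match?(TOKEN_PATTERN)
    raise InvalidToken.new(token)
  end
  root = File.expand_path(base_dir)
  path = File.expand_path("#{token}.json", root)
  # Defence in depth: the resolved path must sit directly under base_dir.
  raise InvalidToken.new(token) unless File.dirname(path) == root
  path
end

# Constructed sample tokens: one valid, the rest cases the review asks to block.
SAMPLES = ['deadbeef01', '../../etc/hosts', '.hidden', 'ab/cd', 'ab\\cd',
           '', "abc\n../../etc/hosts", 'DEADBEEF'].freeze

# Return [token, file name or error code] for each sample.
def check_samples(base_dir)
  SAMPLES.map do |t|
    begin
      [t, File.basename(token_filename(t, base_dir))]
    rescue InvalidToken => e
      [t, e.code]
    end
  end
end

check_samples('/srv/tokens').each { |t, r| puts "#{t.inspect} => #{r}" }
```

Uppercase hex is rejected here because the pattern follows the lowercase `[0-9a-f]` class from the reply; widen the class if tokens are generated in uppercase.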
